Penetration Testing mailing list archives
RE: What is your policy on customers participating in a pen test?
From: "Ken Halbeck" <khalbeck () grayhatsecurity com>
Date: Tue, 19 Jun 2001 17:31:24 -0700
J, Our experience has been that the customer usually has someone from their IT staff on duty at the location while we are performing the test. We actually recommend in this in event that we take one of their critical / key servers or routers offline and it needs to be rebooted. It also helps out on the communication between us and the client who's admin is usually a gearhead and interested hacking / security at some level. Like you we provide some time onsite with one of engineers to go over the test with them and answer any questions that they might have. Ultimately is establishes a good line communication with the client, potential repeat business, and a level of trust between all parties. Ken -----Original Message----- From: Joe Klein [mailto:jsklein () mindspring com] Sent: Monday, June 18, 2001 11:00 PM To: pen-test () securityfocus com Subject: What is your policy on customers particapating in a pen test? All: I am hearing customers request ( and some times demand ) that they be part of a pen test. Currently, we offer the customer 4 - 8 hours of time to review findings and show them what we did, to access there systems. But we do this after the pen test is complete. I was wondering how other companies deal with this issue? J
Current thread:
- Re: Blind IP spoofing portscan tool?, (continued)
- Re: Blind IP spoofing portscan tool? Chris Winter (Jun 14)
- RE: Blind IP spoofing portscan tool? Filipe Almeida (Jun 15)
- Re: Blind IP spoofing portscan tool? Alberto_Revelli (Jun 14)
- RE: Blind IP spoofing portscan tool? Yonatan Bokovza (Jun 14)
- RE: Blind IP spoofing portscan tool? thomas olofsson (Jun 18)
- What is your policy on customers particapating in a pen test? Joe Klein (Jun 19)
- Re: What is your policy on customers particapating in a pen test? Meritt James (Jun 19)
- RE: What is your policy on customers particapating in a pen test? Ken Pfeil (Jun 21)
- Re: What is your policy on customers particapating in a pen test? GBH (Jun 19)
- Re: What is your policy on customers particapating in a pen test? Jonathan Rickman (Jun 19)
- RE: What is your policy on customers participating in a pen test? Ken Halbeck (Jun 19)
- Re: What is your policy on customers particapating in a pen test? Vanja Hrustic (Jun 20)
- Re: What is your policy on customers particapating in a pen test? Jonathan Rickman (Jun 21)
- Re: What is your policy on customers particapating in a pen test? Vanja Hrustic (Jun 22)
- RE: What is your policy on customers particapating in a pen test? Bojan Zdrnja (Jun 25)
- What is your policy on customers particapating in a pen test? Joe Klein (Jun 19)
- RE: What is your policy on customers participating in a pen test? Dom De Vitto (Jun 21)
- Re: What is your policy on customers particapating in a pen test? Gary Warner (Jun 21)
- Re: What is your policy on customers particapating in a pen test? Meritt James (Jun 21)